|
Vulnerability Development
mailing list archives
Re: Rumours about Apache 1.3.22 exploits
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 05 Mar 2002 10:04:14 -0800
VeNoMouS wrote:
Ive looked into this a little bit more and it adds 8.7KB of data to any elf
file it finds on your system
I don't think the exploit itself is trojaned, as others on this thread
have indicated. Rather, the exploit has been infected with some
virus that opens a backdoor, like RST and RST.b.
it does apare to be some type of virii back door, plz find attached a clean
and a infected version of grep 2.4.2 (GNU) from a rh 6.2 box it appends its
data to the end of the elf but have been unsuccsessful reverse engineing it
so far.
Whoops, I didn't catch that when I read the note the first time.
I don't normally (now) send virus code through to the list.
At least no one needs to ask for samples. :)
Obviously, please take great care with the infected file. If it's
like RST, it will open a backdoor, and call home to tell someone
about it. You will be r00ted.
BB
 By Date 
By Thread
Current thread:
| 
Intro
